The Red Hat Security Response Team has rated this update as having criticalsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,which give detailed severity ratings, are available for each vulnerabilityfrom the CVE links in the References section.

This update fixes a vulnerability in Adobe Reader. This vulnerability isdetailed on the Adobe security page APSB10-17, listed in the Referencessection. A specially-crafted PDF file could cause Adobe Reader to crash or,potentially, execute arbitrary code as the user running Adobe Reader whenopened. (CVE-2010-2862)

Multiple security flaws were found in Adobe Flash Player embedded in AdobeReader. These vulnerabilities are detailed on the Adobe security pageAPSB10-16, listed in the References section. A PDF file with embeddedspecially-crafted SWF file could cause Adobe Reader to crash or,potentially, execute arbitrary code as the user running Adobe Reader whenopened. (CVE-2010-0209, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215,CVE-2010-2216)

All Adobe Reader users should install these updated packages. They containAdobe Reader version 9.3.4, which is not vulnerable to these issues. Allrunning instances of Adobe Reader must be restarted for the update to takeeffect.

4. Solution:

Before applying this update, make sure all previously-released erratarelevant to your system have been applied.